Passwords stolen - but how? (Windows 7)
04.08.2010, 19:34 | #1
Passwords stolen - but how?

Hi @ll! About two weeks ago my Battle.net password (more than 7 characters plus digits) was stolen, the profile was accessed and all personal data was changed. I then contacted Blizzard and, after sending a scan of my ID card, got everything back with a new password. No more problems after that.

Then yesterday evening my web.de e-mail account was used to send out hundreds of spam mails and, of course, to change all personal data on the side as well. Web.de got wind of it, though, and locked the account. I should get it back soon after sending an ID scan too. Here as well the password was evidently stolen, and it was a completely different one from the Battle.net password!

I use Firefox as browser and Thunderbird as e-mail client. I am connected to the Internet via a FritzBox by cable (not via WLAN!). Windows Firewall and Microsoft Security Essentials are always on and up to date.

Now I suspect that a rootkit is installed somewhere. I have already checked the Task Manager for background programs with conspicuous names, nothing suspicious there. My PC is not under heavy load either. A full virus scan produced no result. Used Sophos Anti-Rootkit, it finds nothing either (apart from a few hidden files sitting in the Temporary Internet Files). The HijackThis log also (in my opinion) shows nothing useful:

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:23:45, on 04.08.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
M:\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - hxxp://mk.ath.cx/Ctl/WinWebPush.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4660 bytes

Can anyone help me with my problem? What puzzles me: if it were the same guy, he would surely have grabbed and used both passwords within one week. And not with a two-week gap!

Regards,
Björn
04.08.2010, 19:48 | #2
/// Malware-holic | Passwords stolen - but how?

Windows 7, too, wants to be properly secured. I will show you how at the end.

OTL: system scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
04.08.2010, 20:03 | #3
Passwords stolen - but how?

Thanks for the tip, here are the results.

OTL.txt
OTL logfile:
Code:
OTL logfile created on: 04.08.2010 20:51:29 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = M:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 25,00 Gb Total Space | 6,15 Gb Free Space | 24,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,30 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive E: | 49,52 Gb Total Space | 2,36 Gb Free Space | 4,77% Space Free | Partition Type: NTFS
Drive F: | 20,00 Gb Total Space | 2,15 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 77,50 Gb Total Space | 18,35 Gb Free Space | 23,67% Space Free | Partition Type: NTFS
Drive I: | 56,66 Gb Total Space | 1,12 Gb Free Space | 1,97% Space Free | Partition Type: NTFS
Drive J: | 4,87 Gb Total Space | 0,05 Gb Free Space | 1,13% Space Free | Partition Type: NTFS
Drive K: | 995,89 Mb Total Space | 834,00 Mb Free Space | 83,74% Space Free | Partition Type: FAT
Drive L: | 75,00 Gb Total Space | 8,13 Gb Free Space | 10,83% Space Free | Partition Type: NTFS
Drive M: | 75,00 Gb Total Space | 16,64 Gb Free Space | 22,19% Space Free | Partition Type: NTFS
Drive N: | 75,00 Gb Total Space | 10,48 Gb Free Space | 13,98% Space Free | Partition Type: NTFS
Drive O: | 112,60 Gb Total Space | 32,39 Gb Free Space | 28,76% Space Free | Partition Type: NTFS
Drive P: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive S: | 10,00 Gb Total Space | 3,61 Gb Free Space | 36,14% Space Free | Partition Type: NTFS
Drive X: | 598,63 Gb Total Space | 576,24 Gb Free Space | 96,26% Space Free | Partition Type: NTFS
Drive Y: | 598,63 Gb Total Space | 598,52 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive Z: | 200,00 Gb Total Space | 199,91 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

Computer Name: BjoernDESKTOP
Current User Name: Bjoern
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - M:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - M:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NETFWDSL) -- C:\Windows\System32\DRIVERS\NETFWDSL.SYS File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\4992.tmp File not found
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (FETNDIS) -- C:\Windows\System32\drivers\FETN62.sys (VIA Technologies, Inc. )
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (DSDrv4) -- E:\Program Files\DScaler\DSDrv4.sys ()
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (CM300HF) TUCSEN TCA-3.0C (CM300HF.sys) -- C:\Windows\System32\drivers\CM300HF.sys ()
DRV - (OlyUsbCam) -- C:\Windows\System32\drivers\OlyUsbCam.sys (OLYMPUS IMAGING CORP.)
DRV - (FDSSBASE) AVM FRITZ!Card DSL SL (WinXP/2000) -- C:\Windows\System32\drivers\fdssbase.sys (AVM Berlin)
DRV - (AVMDSLPPPOE) -- C:\Windows\System32\drivers\avmdsloe.sys (AVM GmbH)
DRV - (AVMNDSL) -- C:\Windows\System32\drivers\avmndsl.sys (AVM GmbH)
DRV - (UIUSys) -- C:\Windows\System32\drivers\UIUSYS.SYS (Conexant Systems, Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-332272656-1458237254-2962565626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-332272656-1458237254-2962565626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-332272656-1458237254-2962565626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 29 C9 EB 23 2A CB 01 [binary data]
IE - HKU\S-1-5-21-332272656-1458237254-2962565626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-332272656-1458237254-2962565626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.hhpots.com/versands.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010.07.14 00:09:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010.07.04 11:47:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2010.07.04 11:47:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins

[2010.01.10 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\mozilla\Extensions
[2010.01.10 23:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.04 08:02:37 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions
[2010.02.16 20:09:14 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.04.14 19:50:26 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.01.10 23:12:31 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.27 07:26:34 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.02.25 08:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}
[2010.06.07 22:59:47 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.01.10 23:12:33 | 000,000,000 | ---D | M] (FoxGame) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2010.07.27 07:26:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.10 23:12:33 | 000,000,000 | ---D | M] () -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{ceb49db4-3460-47dd-917f-9e4c08486d55}
[2010.07.10 07:46:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.30 00:20:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.07.23 07:16:02 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\firebug@software.joehewitt.com
[2010.01.10 23:12:30 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\firefox@tvunetworks.com
[2010.07.11 13:37:15 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\foxyproxy@eric.h.jung
[2010.07.07 08:00:50 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\mozilla\Firefox\Profiles\ofzxke5q.default\extensions\lazarus@interclue.com

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-332272656-1458237254-2962565626-1000..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-332272656-1458237254-2962565626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-332272656-1458237254-2962565626-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-332272656-1458237254-2962565626-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} hxxp://mk.ath.cx/Ctl/WinWebPush.cab (WebWatch Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.05.25 06:16:57 | 000,000,046 | -H-- | M] () - P:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c457ad35-fe32-11de-add0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c457ad35-fe32-11de-add0-806e6f6e6963}\Shell\AutoRun\command - "" = P:\Installer.exe -- [2010.05.25 06:16:57 | 002,505,256 | ---- | M] ()
O33 - MountPoints2\{f795a14a-1815-11df-993d-e3796e095f9f}\Shell - "" = AutoRun
O33 - MountPoints2\{f795a14a-1815-11df-993d-e3796e095f9f}\Shell\AutoRun\command - "" = G:\HOI3_Semper_Fi_Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft 
Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - 
Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: 
>{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.ffds - E:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll () Drivers32: VIDC.HFYU - C:\Windows\System32\HUFFYUV.DLL (Disappearing Inc.) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.MP42 - C:\Windows\System32\MPG4c32.dll (Microsoft Corporation) Drivers32: vidc.MP43 - C:\Windows\System32\MPG4c32.dll (Microsoft Corporation) Drivers32: vidc.MPG4 - C:\Windows\System32\MPG4c32.dll (Microsoft Corporation) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) ========== Files/Folders - Created Within 30 Days ========== [2010.08.03 23:35:25 | 000,000,000 | ---D | C] -- C:\Users\Bjoern\Desktop\Bilder [2010.07.27 17:30:26 | 000,000,000 | ---D | C] -- C:\Users\Bjoern\Documents\StarCraft II [2010.07.14 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Bjoern\Documents\FFOutput [2010.07.14 19:59:36 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2010.07.14 19:59:36 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll [2010.07.14 19:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5 [2010.07.14 19:58:30 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010.07.14 19:18:06 | 000,000,000 | ---D | C] -- C:\Users\Bjoern\AppData\Local\HandBrake [2010.07.14 19:18:00 | 000,000,000 | ---D | C] -- 
C:\Users\Bjoern\AppData\Roaming\HandBrake ========== Files - Modified Within 30 Days ========== [2010.08.04 20:52:02 | 002,621,440 | -HS- | M] () -- C:\Users\Bjoern\NTUSER.DAT [2010.08.04 20:04:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.04 19:36:20 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.04 19:36:20 | 000,653,360 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.04 19:36:20 | 000,625,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.04 19:36:20 | 000,130,050 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.04 19:36:20 | 000,106,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.04 18:50:10 | 000,025,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.04 18:50:10 | 000,025,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.04 18:45:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.04 18:44:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.04 18:44:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.04 18:44:22 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys [2010.08.04 15:22:00 | 000,789,638 | ---- | M] () -- C:\Users\Bjoern\Desktop\MozBackup-1.4.10-EN.exe [2010.08.04 11:01:56 | 001,339,288 | ---- | M] () -- C:\Users\Bjoern\Desktop\sar_15_sfx.exe [2010.08.04 08:59:23 | 004,597,579 | -H-- | M] () -- C:\Users\Bjoern\AppData\Local\IconCache.db [2010.08.03 23:36:30 | 000,044,251 | ---- | M] () -- C:\Users\Bjoern\Desktop\Stack1.jpg [2010.08.03 23:35:26 | 000,000,418 | ---- | M] () -- C:\Users\Bjoern\Desktop\rectangle_New-Out99999-Do-.html [2010.08.03 21:33:22 | 000,007,605 | ---- | M] () -- C:\Users\Bjoern\AppData\Local\Resmon.ResmonCfg [2010.08.03 21:02:29 | 000,002,955 | ---- | M] () -- 
C:\Users\Bjoern\Desktop\CZPBatch.lnk [2010.08.03 21:02:29 | 000,002,955 | ---- | M] () -- C:\Users\Bjoern\Desktop\CombineZP.lnk [2010.07.27 17:49:11 | 000,000,723 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2010.07.24 07:28:06 | 000,013,391 | ---- | M] () -- C:\Users\Bjoern\Documents\2010-07-24.hrf [2010.07.17 12:45:48 | 000,002,256 | ---- | M] () -- C:\Users\Bjoern\.recently-used.xbel [2010.07.17 10:33:22 | 000,013,383 | ---- | M] () -- C:\Users\Bjoern\Documents\2010-07-17.hrf [2010.07.16 08:20:56 | 000,112,064 | ---- | M] () -- C:\Users\Bjoern\AppData\Local\GDIPFONTCACHEV1.DAT [2010.07.16 08:20:18 | 000,414,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.14 21:02:28 | 000,000,842 | ---- | M] () -- C:\Users\Bjoern\Desktop\Format Factory.lnk [2010.07.13 21:56:24 | 000,000,729 | ---- | M] () -- C:\Users\Bjoern\Desktop\XMedia Recode.lnk [2010.07.10 07:34:15 | 000,013,389 | ---- | M] () -- C:\Users\Bjoern\Documents\2010-07-10.hrf ========== Files Created - No Company Name ========== [2010.08.04 18:46:02 | 000,789,638 | ---- | C] () -- C:\Users\Bjoern\Desktop\MozBackup-1.4.10-EN.exe [2010.08.04 18:46:01 | 001,339,288 | ---- | C] () -- C:\Users\Bjoern\Desktop\sar_15_sfx.exe [2010.08.03 23:36:30 | 000,044,251 | ---- | C] () -- C:\Users\Bjoern\Desktop\Stack1.jpg [2010.08.03 23:35:26 | 000,000,418 | ---- | C] () -- C:\Users\Bjoern\Desktop\rectangle_New-Out99999-Do-.html [2010.08.03 21:33:22 | 000,007,605 | ---- | C] () -- C:\Users\Bjoern\AppData\Local\Resmon.ResmonCfg [2010.08.03 21:02:29 | 000,002,955 | ---- | C] () -- C:\Users\Bjoern\Desktop\CZPBatch.lnk [2010.08.03 21:02:29 | 000,002,955 | ---- | C] () -- C:\Users\Bjoern\Desktop\CombineZP.lnk [2010.07.27 17:30:26 | 000,000,723 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2010.07.24 07:28:06 | 000,013,391 | ---- | C] () -- C:\Users\Bjoern\Documents\2010-07-24.hrf [2010.07.17 12:45:48 | 000,002,256 | ---- | C] () -- C:\Users\Bjoern\.recently-used.xbel [2010.07.17 10:33:22 | 
000,013,383 | ---- | C] () -- C:\Users\Bjoern\Documents\2010-07-17.hrf [2010.07.14 21:02:28 | 000,000,842 | ---- | C] () -- C:\Users\Bjoern\Desktop\Format Factory.lnk [2010.07.14 19:59:36 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.07.13 21:56:24 | 000,000,729 | ---- | C] () -- C:\Users\Bjoern\Desktop\XMedia Recode.lnk [2010.07.10 07:34:15 | 000,013,389 | ---- | C] () -- C:\Users\Bjoern\Documents\2010-07-10.hrf [2010.05.09 12:08:38 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.04.11 11:14:30 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2010.04.11 11:14:30 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2010.04.11 11:14:29 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2010.02.12 22:32:45 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.01.23 20:05:23 | 000,002,181 | ---- | C] () -- C:\Windows\Helicon Debug Window.ini [2010.01.19 23:26:02 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.01.19 23:26:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.01.16 22:31:11 | 000,013,056 | ---- | C] () -- C:\Windows\System32\drivers\CM300HF.sys [2010.01.13 22:49:26 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.01.10 18:23:15 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.01.10 18:23:15 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010.01.10 16:12:01 | 000,004,608 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2006.10.11 05:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2010.07.14 07:22:26 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\avidemux [2010.05.09 12:19:43 | 000,000,000 | ---D 
| M] -- C:\Users\Bjoern\AppData\Roaming\Bump Technologies, Inc [2010.01.15 20:23:38 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Canon [2010.02.12 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\DAEMON Tools Lite [2010.01.15 21:09:36 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\DScaler4 [2010.07.14 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\HandBrake [2010.01.28 09:52:18 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\inkscape [2010.01.10 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\MozBackup [2010.05.13 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Notepad++ [2010.05.12 22:46:36 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Thinstall [2010.01.10 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Thunderbird [2010.01.11 21:19:26 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Trillian [2010.08.04 08:59:25 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\uTorrent [2010.05.09 12:06:12 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\WordToPDF [2010.07.23 08:12:24 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\ZereneStacker [2010.06.05 08:22:13 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.07.17 12:36:28 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Adobe [2010.07.14 07:22:26 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\avidemux [2010.05.09 12:19:43 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Bump Technologies, Inc [2010.01.15 20:23:38 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Canon [2010.02.12 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\DAEMON Tools Lite [2010.01.15 21:09:36 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\DScaler4 [2010.07.14 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\HandBrake [2010.01.10 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Identities [2010.01.28 09:52:18 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\inkscape [2010.01.10 23:28:52 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Macromedia [2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Media Center Programs [2010.01.12 20:24:57 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Media Player Classic [2010.08.03 21:02:28 | 000,000,000 | --SD | M] -- C:\Users\Bjoern\AppData\Roaming\Microsoft [2010.01.10 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\MozBackup [2010.01.10 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Mozilla [2010.05.30 16:27:42 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Nero [2010.05.13 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Notepad++ [2010.05.08 18:34:14 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Skype [2010.05.08 18:32:12 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\skypePM [2010.05.12 22:46:36 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Thinstall [2010.01.10 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Thunderbird [2010.01.11 21:19:26 | 000,000,000 | ---D 
| M] -- C:\Users\Bjoern\AppData\Roaming\Trillian [2010.08.04 08:59:25 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\uTorrent [2010.06.20 19:01:17 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\vlc [2010.05.09 12:06:12 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\WordToPDF [2010.07.23 08:12:24 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\ZereneStacker < %APPDATA%\*.exe /s > [2010.03.19 19:40:52 | 000,319,488 | ---- | M] (Octoshape ApS) -- C:\Users\Bjoern\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe [2010.08.03 21:02:28 | 000,005,806 | R--- | M] () -- C:\Users\Bjoern\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_18be6784.exe [2010.08.03 21:02:28 | 000,001,078 | R--- | M] () -- C:\Users\Bjoern\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_294823.exe [2010.08.03 21:02:28 | 000,001,078 | R--- | M] () -- C:\Users\Bjoern\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_2cd672ae.exe [2010.08.03 21:02:28 | 000,005,806 | R--- | M] () -- C:\Users\Bjoern\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_4ae13d6c.exe [2010.08.03 21:02:28 | 000,001,078 | R--- | M] () -- C:\Users\Bjoern\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_69525f90.exe [2010.04.18 14:33:56 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe [2010.04.18 14:33:56 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E 
-- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) 
MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.02.12 22:32:45 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 400 bytes -> C:\Users\Bjoern\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96 < End of report > Extras.txt [quote] OTL Logfile: Code:
OTL Extras logfile created on: 04.08.2010 20:51:29 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = M:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 25,00 Gb Total Space | 6,15 Gb Free Space | 24,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,30 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive E: | 49,52 Gb Total Space | 2,36 Gb Free Space | 4,77% Space Free | Partition Type: NTFS
Drive F: | 20,00 Gb Total Space | 2,15 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 77,50 Gb Total Space | 18,35 Gb Free Space | 23,67% Space Free | Partition Type: NTFS
Drive I: | 56,66 Gb Total Space | 1,12 Gb Free Space | 1,97% Space Free | Partition Type: NTFS
Drive J: | 4,87 Gb Total Space | 0,05 Gb Free Space | 1,13% Space Free | Partition Type: NTFS
Drive K: | 995,89 Mb Total Space | 834,00 Mb Free Space | 83,74% Space Free | Partition Type: FAT
Drive L: | 75,00 Gb Total Space | 8,13 Gb Free Space | 10,83% Space Free | Partition Type: NTFS
Drive M: | 75,00 Gb Total Space | 16,64 Gb Free Space | 22,19% Space Free | Partition Type: NTFS
Drive N: | 75,00 Gb Total Space | 10,48 Gb Free Space | 13,98% Space Free | Partition Type: NTFS
Drive O: | 112,60 Gb Total Space | 32,39 Gb Free Space | 28,76% Space Free | Partition Type: NTFS
Drive P: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive S: | 10,00 Gb Total Space | 3,61 Gb Free Space | 36,14% Space Free | Partition Type: NTFS
Drive X: | 598,63 Gb Total Space | 576,24 Gb Free Space | 96,26% Space Free | Partition Type: NTFS
Drive Y: | 598,63 Gb Total Space | 598,52 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive Z: | 200,00 Gb Total Space | 199,91 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

Computer Name: BJOERNDESKTOP | User Name: BJOERN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Company Name Whitelist: Off | Skip Microsoft Files: Off
File Age = 30 Days | Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-332272656-1458237254-2962565626-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EA05D7F-5645-4068-A60F-0DCF8FBFD267}" = OLYMPUS Raw Codec "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77A2397A-E22A-4FD2-BC9F-A60767C4C381}_is1" = Tsview 6.1.4.2 "{80958B03-07E3-4F0A-8950-4F709899F321}" = OLYMPUS Studio 2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) 
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office 
Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B0A8A6F-FC9E-796F-CC5D-290161F8E92A}" = ATI Catalyst Install Manager "{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{da97878c-df4a-4cd4-b867-e18e3bc8de1e}" = Nero 9 Trial "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "1A6754C019F3AE544C346226BB63AC9BC7DACCDE" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0) "2CFDDBA03CBE225A1FA2032FE06674F0AF0549D0" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam (06/28/2007 2.2.0.0) "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Avidemux 2.5" = Avidemux 2.5 "AviSynth" = AviSynth 2.5 "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09 "Diablo II" = Diablo II "DScaler 4 Test Version_is1" = DScaler 4 Test Version "eMule" = eMule "ENTERPRISE" = Microsoft Office Enterprise 2007 "FormatFactory" = FormatFactory 2.45 "Hattrick Organizer" = Hattrick Organizer (remove only) "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only) "Inkscape" = Inkscape 0.47 "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Essentials" = Microsoft Security Essentials "MozBackup" = MozBackup 1.4.10 "Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "Notepad++" = Notepad++ "R for Windows 2.10.1_is1" = R for Windows 2.10.1 "Semper Fi_is1" = Semper Fi 1.0 "SopCast" = SopCast 3.2.4 "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0 "Starcraft" = Starcraft "StarCraft II" = StarCraft II "StarCraft II Beta" = StarCraft II Beta "Steam App 240" = Counter-Strike: Source "Steam App 400" = Portal "Trillian" = Trillian "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.16 "VLC media player" = VLC media player 1.0.5 "Warcraft III" = Warcraft III "XMedia Recode" = XMedia Recode 2.2.4.4 "Xvid_is1" = Xvid 1.1.3 final uninstall "ZoomPlayer" = Zoom Player (remove only) ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-332272656-1458237254-2962565626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.08.2010 16:03:31 | Computer Name = BJOERNDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 01.08.2010 17:09:35 | Computer Name = BJOERNDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 01.08.2010 18:06:42 | Computer Name = BJOERNDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error - 02.08.2010 01:10:15 | Computer Name = BJOERNDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 02.08.2010 02:12:30 | Computer Name = BJOERNDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 02.08.2010 12:35:57 | Computer Name = BJOERNDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 02.08.2010 13:14:19 | Computer Name = BJOERNDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error - 02.08.2010 13:43:30 | Computer Name = BJOERNDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 02.08.2010 14:02:17 | Computer Name = BJOERNDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 02.08.2010 15:07:40 | Computer Name = BJOERNDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . [ System Events ] Error - 01.06.2010 02:14:41 | Computer Name = BJOERNDESKTOP | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. 
Error - 01.06.2010 02:58:37 | Computer Name = BJOERNDESKTOP | Source = DCOM | ID = 10010
Description =

Error - 01.06.2010 13:58:53 | Computer Name = BJOERNDESKTOP | Source = ipnathlp | ID = 34001
Description =

Error - 01.06.2010 13:58:53 | Computer Name = BJOERNDESKTOP | Source = ipnathlp | ID = 30013
Description =

Error - 01.06.2010 16:33:55 | Computer Name = BJOERNDESKTOP | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%861-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unspecified error Ursache: %%842

Error - 01.06.2010 16:34:05 | Computer Name = BJOERNDESKTOP | Source = ipnathlp | ID = 34001
Description =

Error - 01.06.2010 16:34:05 | Computer Name = BJOERNDESKTOP | Source = ipnathlp | ID = 30013
Description =

Error - 01.06.2010 17:50:04 | Computer Name = BJOERNDESKTOP | Source = ipnathlp | ID = 34001
Description =

Error - 01.06.2010 17:50:04 | Computer Name = BJOERNDESKTOP | Source = ipnathlp | ID = 30013
Description =

Error - 01.06.2010 17:50:04 | Computer Name = BJOERNDESKTOP | Source = ipnathlp | ID = 31004
Description =

< End of report >
04.08.2010, 20:11 | #4 | /// Malware-holic
Was it the same password for both? Please create and post a ComboFix log. A guide and tutorial on using ComboFix
04.08.2010, 20:16 | #5 |
ComboFix... I have read so much about it and how it could break everything. Do you think that is really necessary? Did you find anything in the logs that ComboFix could fix?
04.08.2010, 20:25 | #6 | /// Malware-holic
You should do a comparison: you will find many more threads where ComboFix was helpful. You can also break the PC with the antivirus program if you delete files that were wrongly detected as malware. The log shows nothing so far, which does not necessarily mean there is nothing there. If you are afraid the tools will break the PC or the installation, I would suggest reinstalling it, then securing the PC properly and always keeping a backup, for which I will of course give you tips as well.
04.08.2010, 20:49 | #7 |
I have now run ComboFix over it. ComboFix logfile:
Code:
ATTFilter ComboFix 10-08-04.02 - Bjoern 04.08.2010 21:40:09.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1083 [GMT 2:00] Running from: c:\users\Bjoern\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk c:\windows\system32\AVSredirect.dll . ((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 ))))))))))))))))))))))))))))))) . 2010-08-04 19:45 . 2010-08-04 19:45 -------- d-----w- c:\users\Bjoern\AppData\Local\temp 2010-08-04 19:45 . 2010-08-04 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-04 19:35 . 2010-08-04 19:36 -------- d-----w- C:\32788R22FWJFW 2010-08-03 19:02 . 2010-08-03 19:02 5806 ----a-r- c:\users\Bjoern\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_4ae13d6c.exe 2010-08-03 19:02 . 2010-08-03 19:02 5806 ----a-r- c:\users\Bjoern\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_18be6784.exe 2010-08-03 19:02 . 2010-08-03 19:02 1078 ----a-r- c:\users\Bjoern\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_69525f90.exe 2010-08-03 19:02 . 2010-08-03 19:02 1078 ----a-r- c:\users\Bjoern\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_2cd672ae.exe 2010-08-03 19:02 . 2010-08-03 19:02 1078 ----a-r- c:\users\Bjoern\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_294823.exe 2010-07-27 16:07 . 2010-07-28 05:23 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll 2010-07-14 17:59 . 2010-07-14 17:59 -------- d-----w- c:\program files\AviSynth 2.5 2010-07-14 17:59 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll 2010-07-14 17:59 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll 2010-07-14 17:18 . 
2010-07-14 17:18 -------- d-----w- c:\users\Bjoern\AppData\Local\HandBrake 2010-07-14 17:18 . 2010-07-14 17:24 -------- d-----w- c:\users\Bjoern\AppData\Roaming\HandBrake 2010-07-07 06:00 . 2009-11-24 06:44 79872 ----a-w- c:\users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\ofzxke5q.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll 2010-07-07 06:00 . 2009-11-24 06:44 33280 ----a-w- c:\users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\ofzxke5q.default\extensions\lazarus@interclue.com\platform\WINCE\components\WeaveCrypto.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-04 17:36 . 2010-01-10 14:59 653360 ----a-w- c:\windows\system32\perfh007.dat 2010-08-04 17:36 . 2010-01-10 14:59 130050 ----a-w- c:\windows\system32\perfc007.dat 2010-08-04 06:59 . 2010-01-13 20:02 -------- d-----w- c:\users\Bjoern\AppData\Roaming\uTorrent 2010-07-27 15:49 . 2010-03-20 12:37 -------- d-----w- c:\programdata\Blizzard Entertainment 2010-07-27 15:49 . 2010-02-19 16:15 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-07-23 06:12 . 2010-01-23 20:36 -------- d-----w- c:\users\Bjoern\AppData\Roaming\ZereneStacker 2010-07-22 21:15 . 2010-05-14 16:52 -------- d-----w- c:\program files\Common Files\Steam 2010-07-16 06:20 . 2010-01-10 14:11 112064 ----a-w- c:\users\Bjoern\AppData\Local\GDIPFONTCACHEV1.DAT 2010-07-15 22:09 . 2010-05-12 21:43 -------- d-----w- c:\programdata\Microsoft Help 2010-07-14 05:22 . 2010-01-19 22:31 -------- d-----w- c:\users\Bjoern\AppData\Roaming\avidemux 2010-07-04 14:40 . 2010-01-10 16:22 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-04 14:38 . 2010-01-10 16:22 -------- d-----w- c:\program files\Common Files\InstallShield 2010-07-03 17:44 . 2010-07-03 17:44 -------- d-----w- c:\program files\DIFX 2010-07-03 17:43 . 
2010-07-03 17:43 -------- d-----w- c:\program files\MSXML 4.0 2010-07-03 17:36 . 2010-07-03 17:36 -------- d-----w- c:\programdata\QuickTime 2010-06-29 05:25 . 2010-04-09 17:49 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-06-23 17:48 . 2010-05-12 21:45 -------- d-----w- c:\program files\Microsoft.NET 2010-06-20 17:01 . 2010-02-06 15:09 -------- d-----w- c:\users\Bjoern\AppData\Roaming\vlc 2010-06-13 13:58 . 2010-06-13 13:58 697344 ----a-w- c:\users\Bjoern\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307a-1005110-0-main.dll 2010-06-01 17:37 . 2009-10-14 09:58 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-27 07:24 . 2010-06-09 05:38 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49 . 2010-06-09 05:38 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-23 15:50 . 2010-06-07 20:59 73216 ----a-w- c:\users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll 2010-05-21 05:18 . 2010-06-09 05:41 977920 ----a-w- c:\windows\system32\wininet.dll 2010-05-09 09:14 . 2010-06-23 17:45 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-05-09 09:14 . 2010-06-23 17:45 417792 ----a-w- c:\windows\system32\msdri.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-10 7711264] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208] "GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-13 110592] Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 136176] R3 CM300HF;TUCSEN TCA-3.0C (CM300HF.sys);c:\windows\system32\Drivers\CM300HF.sys [2007-12-28 13056] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4992.tmp [x] R3 MpNWMon;Microsoft Malware Protection Network 
Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368] R3 NETFWDSL;AVM FRITZ!web DSL PPP;c:\windows\system32\DRIVERS\NETFWDSL.SYS [x] R3 OlyUsbCam;OLYMPUS USB Camera;c:\windows\system32\DRIVERS\OlyUsbCam.sys [2007-01-12 21952] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-01 1343400] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-12 691696] S3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Driver;c:\windows\system32\DRIVERS\avmdsloe.sys [2006-09-12 45952] S3 AVMNDSL;AVM DSL NDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\avmndsl.sys [2006-09-12 39440] S3 FDSSBASE;AVM FRITZ!Card DSL SL (WinXP/2000);c:\windows\system32\DRIVERS\fdssbase.sys [2006-09-12 715264] . Contents of the 'Scheduled Tasks' folder 2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 08:54] 2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 08:54] . . ------- Supplementary Scan ------- . 
uInternet Settings,ProxyOverride = local IE: Nach Microsoft &Excel exportieren - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://mk.ath.cx/Ctl/WinWebPush.cab FF - ProfilePath - c:\users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\ofzxke5q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.hhpots.com/versands.html FF - component: c:\users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\ofzxke5q.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll FF - component: c:\users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\ofzxke5q.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\windows\system32\Wat\npWatWeb.dll FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: e:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: e:\program files\Veetle\Player\npvlc.dll FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll ---- FIREFOX POLICIES ---- e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); e:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.IDN.whitelist.xn--mgbayh7gpa", true); e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10); e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); e:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); 
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4992.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-04 21:47:28
ComboFix-quarantined-files.txt 2010-08-04 19:47
Pre-Run: 6.475.730.944 Bytes frei
Post-Run: 8.988.778.496 Bytes frei
- - End Of File - - E45E3653CE71AE0689375E8A7760823C

Do you see anything in there?
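One way to triage the "Reg Loading Points" section of the ComboFix log in post #7 mechanically, as an added example (my code, not ComboFix's and not part of the thread): parse the Run-key values and the R/S service and driver lines into records, then flag entries whose binary ComboFix could not find on disk (the `[x]` marker; that reading of the marker is an assumption about ComboFix's output format), whose path ends in `.tmp`, or which load from a user-writable directory (a heuristic list of mine). The sample lines are copied from the log above. A flag is a lead to verify, not a verdict: MEMSWEEP2 gets flagged here, and Sophos Anti-Rootkit, which the poster says was run, is known to register its scanning driver under that name from a temporary file, so the next step is to check who created that file, not to delete it.

```python
"""Triage of a ComboFix 'Reg Loading Points' section (added example).

Parses Run-key values and R/S service/driver lines into records and flags the
ones a responder should verify first. Assumption: ComboFix prints '[x]' in
place of the '[date size]' stamp when it cannot find the file on disk.
"""
import re
from dataclasses import dataclass, field

# [HKEY_...\CurrentVersion\Run]
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "Name"="c:\path\file.exe" [2010-06-01 1093208]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s*\[(?P<meta>[^\]]*)\])?$')
# R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4992.tmp [x]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')

# Heuristic (my list, not ComboFix's): directories a user can write to, from
# which a legitimately installed driver or autostart binary is rarely loaded.
WRITABLE_DIRS = ('\\temp\\', '\\appdata\\', '\\programdata\\', '\\users\\')


@dataclass
class Entry:
    kind: str            # 'run' (autostart value) or 'service' (driver/service)
    name: str
    path: str
    origin: str          # registry key for 'run', start type (R2, S3, ...) for 'service'
    meta: str            # text inside the trailing [...]: 'YYYY-MM-DD size' or 'x'
    flags: list = field(default_factory=list)


def parse_loading_points(text):
    """Return Entry records for every Run value and service line in the section."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m['key']          # remember which key the following values belong to
        elif m := SVC_RE.match(line):
            entries.append(Entry('service', m['name'], m['path'].strip(), m['start'], m['meta']))
        elif current_key and current_key.upper().endswith('\\RUN') and (m := RUN_RE.match(line)):
            entries.append(Entry('run', m['name'], m['path'], current_key, m['meta'] or ''))
    return entries


def flag_entry(entry):
    """Attach review flags to one entry and return it."""
    path = entry.path.lower()
    if entry.meta.strip() == 'x':
        entry.flags.append('file-not-found')      # ComboFix could not stat the binary
    if path.endswith('.tmp'):
        entry.flags.append('tmp-extension')       # a driver loaded from a .tmp file
    if any(d in path for d in WRITABLE_DIRS):
        entry.flags.append('user-writable-dir')
    return entry


def triage(text):
    """Parse and flag; entries come back in log order with flags filled in."""
    return [flag_entry(e) for e in parse_loading_points(text)]


def suspicious(entries):
    """Only the entries carrying at least one flag."""
    return [e for e in entries if e.flags]


# Sample input: lines copied from the ComboFix log posted above (post #7).
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-10 7711264]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4992.tmp [x]
R3 NETFWDSL;AVM FRITZ!web DSL PPP;c:\windows\system32\DRIVERS\NETFWDSL.SYS [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-12 691696]
S3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Driver;c:\windows\system32\DRIVERS\avmdsloe.sys [2006-09-12 45952]
"""

if __name__ == '__main__':
    for e in suspicious(triage(SAMPLE)):
        print(f"{e.kind:7} {e.origin:4} {e.name:12} {e.path}  <- {', '.join(e.flags)}")
```

Run against the sample it reports MEMSWEEP2 (file not found, .tmp extension) and NETFWDSL (file not found) and stays quiet about the signed vendor entries; NETFWDSL is the AVM DSL driver listed elsewhere in this log, so a missing file there is a leftover from an old installation rather than evidence of anything. The value of the script is that it gives you a short list to check by hand, which the raw log, at several hundred lines, does not.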
05.08.2010, 12:15 | #8 | /// Malware-holic
Download Malwarebytes: Malwarebytes. Install it and update it via the "Update" tab. Then shut down everything that is running, including the antivirus, disconnect the internet connection, start a full scan, delete the findings, and post the log.
05.08.2010, 18:50 | #9 |
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4394

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.08.2010 19:46:40
mbam-log-2010-08-05 (19-46-40).txt

Scan type: Full scan (B:\|C:\|D:\|E:\|F:\|H:\|I:\|J:\|L:\|M:\|N:\|O:\|S:\|X:\|Y:\|Z:\|)
Objects scanned: 427470
Time elapsed: 1 hour(s), 32 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
05.08.2010, 18:55 | #10 | /// Malware-holic
Yes, let's have a look at the laptop; here everything looks OK. I would still like to give you tips at the end on how to secure the system, if you don't mind :-)
05.08.2010, 20:47 | #11 |
So, I have now scanned the laptop. Malwarebytes found one infected registry key (HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1), caused by "Malware.Trace". Should I delete it? Could this even be the "password reader"? Argh, I just saw it. It is a password stealer. Can this be fixed with software, or should I rather reinstall the system? Here are the other results of the other scans. OTL logfile:
Code:
ATTFilter OTL logfile created on: 05.08.2010 20:11:04 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Bjoern\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 50,00 Gb Total Space | 27,00 Gb Free Space | 54,00% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 2,42 Gb Free Space | 24,23% Space Free | Partition Type: NTFS Drive E: | 50,00 Gb Total Space | 4,23 Gb Free Space | 8,46% Space Free | Partition Type: NTFS Drive F: | 116,29 Gb Total Space | 3,40 Gb Free Space | 2,92% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 1,97 Gb Total Space | 1,84 Gb Free Space | 93,56% Space Free | Partition Type: FAT Computer Name: BJOERN-LAPTOP Current User Name: Bjoern Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Bjoern\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation) PRC - E:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\DTS.exe () PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.) PRC - C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\TpShocks.exe (Lenovo.) 
PRC - E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Bjoern\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (mi-raysat_3dsmax2010_32) -- E:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe File not found SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NMSAccessU) -- E:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (dtsvc) -- C:\Windows\System32\DTS.exe () SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe () SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.) 
SRV - (AcSvc) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) 
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.) SRV - (Microsoft Office Groove Audit Service) -- E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (MEMSWEEP2) -- C:\Windows\System32\FFF0.tmp File not found DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (intelkmd) -- C:\Windows\System32\drivers\igdpmd32.sys (Intel Corporation) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) 
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) 
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) 
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys 
(Microsoft Corporation) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (LenovoRd) -- C:\Windows\System32\drivers\LenovoRd.sys (Lenovo) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-609206492-3827312299-4017811985-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-609206492-3827312299-4017811985-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-609206492-3827312299-4017811985-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 D2 07 AE E0 7E CA 01 [binary data] IE - HKU\S-1-5-21-609206492-3827312299-4017811985-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-609206492-3827312299-4017811985-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010.04.08 23:30:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010.05.13 23:13:11 | 000,000,000 | ---D | M] [2009.12.17 09:27:44 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Mozilla\Extensions [2010.08.03 22:36:22 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\zagje12v.default\extensions [2010.03.03 16:05:21 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\zagje12v.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} O1 HOSTS File: 
([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe () O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec) O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.) O4 - HKLM..\Run: [GrooveMonitor] E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found O4 - HKU\S-1-5-21-609206492-3827312299-4017811985-1000..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-609206492-3827312299-4017811985-1000..\Run: [ICQ] E:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\S-1-5-21-609206492-3827312299-4017811985-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-609206492-3827312299-4017811985-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKU\S-1-5-21-609206492-3827312299-4017811985-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = @biocpl.dll,-1 (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - E:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - E:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.12.15 17:13:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{5405c42e-f221-11de-914b-00247edfbbe6}\Shell - "" = AutoRun O33 - MountPoints2\{5405c42e-f221-11de-914b-00247edfbbe6}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group 
SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: 
Messenger - Service SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - 
regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.ffds - E:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll () ========== Files/Folders - Created Within 30 Days ========== [2010.08.05 20:07:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bjoern\Desktop\mbam-setup-1.46.exe [2010.08.05 20:07:06 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Bjoern\Desktop\OTL.exe [2010.08.05 20:07:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Bjoern\Desktop\HiJackThis204.exe [2010.07.10 13:21:47 | 000,000,000 | ---D | C] -- C:\Users\Bjoern\Documents\StarCraft II Beta [2010.07.10 13:21:47 | 000,000,000 | ---D | C] -- C:\Users\Bjoern\AppData\Local\Blizzard Entertainment [2010.07.10 13:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2010.07.10 13:18:11 | 000,000,000 | ---D | C] -- C:\Users\Bjoern\Desktop\StarCraft II Beta enGB 13891 Installer [2010.07.10 13:14:17 | 000,000,000 | ---D | C] -- C:\Users\Bjoern\Desktop\New folder [2009.12.17 11:45:51 | 000,232,448 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2009.12.17 11:45:51 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.05 20:11:20 | 002,359,296 | -HS- | M] () -- C:\Users\Bjoern\NTUSER.DAT [2010.08.05 20:08:09 | 000,726,316 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.05 20:08:09 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.05 20:08:09 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.05 20:00:24 | 003,815,988 | ---- | M] () -- C:\Users\Bjoern\Desktop\ComboFix.exe [2010.08.05 19:27:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.05 18:12:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bjoern\Desktop\mbam-setup-1.46.exe [2010.08.04 20:49:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Bjoern\Desktop\OTL.exe [2010.08.04 20:22:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Bjoern\Desktop\HiJackThis204.exe [2010.08.04 19:00:03 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.04 19:00:03 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.04 18:54:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.04 18:54:32 | 1528,844,288 | -HS- | M] () -- C:\hiberfil.sys [2010.08.04 18:46:45 | 002,131,352 | -H-- | M] () -- C:\Users\Bjoern\AppData\Local\IconCache.db [2010.07.17 12:16:18 | 000,148,908 | ---- | M] () -- C:\Users\Bjoern\Desktop\Sandwasserpaper_final.docx [2010.07.12 16:31:09 | 355,002,778 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.07.11 15:19:24 | 203,409,873 | ---- | M] () -- C:\Users\Bjoern\Desktop\[UFW]_Lucky_Draw_Triangle_~Miharu_After~_-_01_[h264_480p][3D15A7F9].mkv [2010.07.10 13:25:19 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk [2010.07.06 23:57:57 | 000,434,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.05 20:07:05 | 003,815,988 | ---- | C] () -- C:\Users\Bjoern\Desktop\ComboFix.exe [2010.07.17 12:50:04 | 000,148,908 | ---- | C] () -- C:\Users\Bjoern\Desktop\Sandwasserpaper_final.docx [2010.07.11 15:07:51 | 203,409,873 | ---- | C] () -- C:\Users\Bjoern\Desktop\[UFW]_Lucky_Draw_Triangle_~Miharu_After~_-_01_[h264_480p][3D15A7F9].mkv [2010.07.10 13:21:47 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk [2010.02.07 01:06:14 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.12.26 16:47:51 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2009.12.26 16:47:51 | 000,001,024 | ---- | C] () -- 
C:\Windows\System32\clauth1.dll [2009.12.26 16:47:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2009.12.26 16:47:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll [2009.12.26 16:47:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll [2009.12.26 16:47:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll [2009.12.26 16:38:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll [2009.12.26 16:38:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll [2009.12.26 16:38:38 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll [2009.12.26 16:37:15 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2009.12.26 16:37:15 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2009.12.26 15:08:11 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.12.18 13:27:35 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.12.18 13:27:35 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.12.17 11:45:51 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2009.12.17 11:45:51 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2009.12.17 11:45:51 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.12.17 09:52:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.08.23 22:41:22 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010.02.19 11:55:24 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\BIOBSERVE [2009.12.17 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\CachedFiles [2010.02.07 01:06:30 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Canneverbe Limited 
[2009.12.26 18:31:49 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2009.12.26 15:23:35 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\DAEMON Tools Lite [2010.07.17 13:11:02 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\EndNote [2010.07.17 13:11:33 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\ICQ [2009.12.17 23:43:26 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\inkscape [2009.12.17 23:15:13 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Notepad++ [2009.12.18 00:43:28 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\OpenOffice.org [2010.07.11 15:27:54 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\uTorrent [2010.01.08 21:33:27 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Wormux [2009.07.14 06:53:46 | 000,012,036 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.02.22 10:32:17 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Adobe [2010.02.19 11:55:24 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\BIOBSERVE [2009.12.17 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\CachedFiles [2010.02.07 01:06:30 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Canneverbe Limited [2009.12.26 18:31:49 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2009.12.26 15:23:35 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\DAEMON Tools Lite [2010.07.17 13:11:02 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\EndNote [2010.07.17 13:11:33 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\ICQ [2009.12.17 08:09:18 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Identities [2009.12.17 23:43:26 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\inkscape [2009.12.17 11:45:31 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\InstallShield [2009.12.17 23:14:53 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Macromedia [2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Media Center Programs [2009.12.17 09:33:43 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Media Player Classic [2010.05.18 20:09:54 | 000,000,000 | --SD | M] -- C:\Users\Bjoern\AppData\Roaming\Microsoft [2009.12.17 09:27:44 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Mozilla [2009.12.17 23:15:13 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Notepad++ [2009.12.18 00:43:28 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\OpenOffice.org [2009.12.26 17:53:47 | 000,000,000 | RH-D | M] -- C:\Users\Bjoern\AppData\Roaming\SecuROM [2010.07.11 15:27:54 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\uTorrent [2010.01.08 21:33:27 | 000,000,000 | ---D | M] -- C:\Users\Bjoern\AppData\Roaming\Wormux < 
%APPDATA%\*.exe /s > [2009.12.17 11:31:35 | 000,010,134 | R--- | M] () -- C:\Users\Bjoern\AppData\Roaming\Microsoft\Installer\{73ED3EA3-F96F-D098-7EE4-146FBD30113E}\ARPPRODUCTICON.exe [2009.12.17 11:30:38 | 000,010,134 | R--- | M] () -- C:\Users\Bjoern\AppData\Roaming\Microsoft\Installer\{F67714D1-6842-EACA-C159-D25B947FA380}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 
000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | 
M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < 
%systemroot%\system32\drivers\*.sys /lockedfiles > [2009.12.26 15:08:11 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Files - Unicode (All) ========== [2010.07.11 15:25:58 | 271,404,406 | ---- | M] ()(C:\Users\Bjoern\Desktop\(18????) RIN×SEN~??????????~?? (DVD 704x396 DivX6.92).avi) -- C:\Users\Bjoern\Desktop\(18禁アニメ) RIN×SEN~白濁女教師と野郎ども~上巻 (DVD 704x396 DivX6.92).avi [2010.07.11 15:06:34 | 271,404,406 | ---- | C] ()(C:\Users\Bjoern\Desktop\(18????) RIN×SEN~??????????~?? (DVD 704x396 DivX6.92).avi) -- C:\Users\Bjoern\Desktop\(18禁アニメ) RIN×SEN~白濁女教師と野郎ども~上巻 (DVD 704x396 DivX6.92).avi < End of report > OTL Extras [code] OTL Logfile: Code:
OTL Extras logfile created on: 05.08.2010 20:11:04 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Bjoern\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,00 Gb Total Space | 27,00 Gb Free Space | 54,00% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,42 Gb Free Space | 24,23% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 4,23 Gb Free Space | 8,46% Space Free | Partition Type: NTFS
Drive F: | 116,29 Gb Total Space | 3,40 Gb Free Space | 2,92% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1,97 Gb Total Space | 1,84 Gb Free Space | 93,56% Space Free | Partition Type: FAT

Computer Name: BJOERN-LAPTOP
Current User Name: Bjoern
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-609206492-3827312299-4017811985-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- E:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00F6DD2A-219B-44f5-975B-1685FD77980A}" = Autodesk-Lizenzverwaltung "{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110 "{0B744987-A39E-45E5-B930-11EDBDFE3003}" = X3 Reunion "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1DF0C90D-0705-32EA-B4DB-341C311EBB93}" = ATI Catalyst Install Manager "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = 
Java(TM) 6 Update 20 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software "{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008 "{32FEA42D-3A59-49D9-8A2F-A3E2D8E663DF}" = SPSS SmartViewer 15.0 "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DA782CB-C9A0-462F-9D18-17D301BC507C}" = Amos 16.0 "{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = 
Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DDEC5CA-DAD5-4F13-9847-6BE598BA4134}" = 3ds max 5 "{AC6D3E44-0C50-49DF-B1DD-4017C3B4EA40}" = TOD-Demo "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{EA61B3FD-10FF-4979-BC69-D3CC9E753765}" = SPSS SmartViewer 16.0 "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher 
"{F67714D1-6842-EACA-C159-D25B947FA380}" = Catalyst Control Center InstallProxy "7-Zip" = 7-Zip 4.65 "8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "AnswerWorks" = AnswerWorks Runtime "ATI Uninstaller" = ATI Uninstaller "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09 "Command & Conquer 95" = Command & Conquer Windows 95 "DCDemoDeinstallKey" = Dark Colony Demo "ENTERPRISE" = Microsoft Office Enterprise 2007 "FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08 "Grand Theft Auto" = Grand Theft Auto "ImageJ_is1" = ImageJ 1.34s "Inkscape" = Inkscape 0.47 "InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008 "IrfanView" = IrfanView (remove only) "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "LMS" = C-Dilla Licence Management System "Maniac Mansion Deluxe" = Maniac Mansion Deluxe "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Essentials" = Microsoft Security Essentials "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "Notepad++" = Notepad++ "OnScreenDisplay" = On Screen Display "Power Management Driver" = ThinkPad Power Management Driver "R for Windows 2.10.1_is1" = R for Windows 2.10.1 "SigmaScan Pro 5" = SigmaScan Pro 5 "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0 "ST4UNST #1" = Visual Basic 4 Runtime Files "StarCraft II Beta" = StarCraft II Beta "The Many Faces of Go 11.0" = The Many Faces of Go 11.0 "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "Two Worlds Pinball" = Two Worlds Pinball "uTorrent" = µTorrent "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "Wormux" = Wormux ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-609206492-3827312299-4017811985-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

ComboFix

Combofix Logfile:
Code:
ATTFilter ComboFix 10-08-05.01 - Bjoern 05.08.2010 20:24:57.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1033.18.1944.996 [GMT 2:00] ausgeführt von:: c:\users\Bjoern\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk . ((((((((((((((((((((((( Dateien erstellt von 2010-07-05 bis 2010-08-05 )))))))))))))))))))))))))))))) . 2010-08-05 18:31 . 2010-08-05 18:33 -------- d-----w- c:\users\Bjoern\AppData\Local\temp 2010-08-05 18:31 . 2010-08-05 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-05 18:20 . 2010-08-05 18:21 -------- d-----w- C:\32788R22FWJFW 2010-07-10 11:21 . 2010-07-10 12:50 -------- d-----w- c:\programdata\Blizzard Entertainment 2010-07-10 11:21 . 2010-07-10 11:25 -------- d-----w- c:\users\Bjoern\AppData\Local\Blizzard Entertainment . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-17 11:11 . 2010-05-19 11:52 -------- d-----w- c:\users\Bjoern\AppData\Roaming\ICQ 2010-07-17 11:11 . 2009-12-23 13:00 -------- d-----w- c:\users\Bjoern\AppData\Roaming\EndNote 2010-07-12 14:30 . 2010-02-19 11:18 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-07-11 13:27 . 2010-01-20 10:23 -------- d-----w- c:\users\Bjoern\AppData\Roaming\uTorrent 2010-07-06 06:53 . 2010-05-13 21:07 -------- d-----w- c:\programdata\Microsoft Help 2010-07-06 06:47 . 2010-04-30 23:09 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-07-06 06:40 . 2010-05-13 21:11 -------- d-----w- c:\program files\Microsoft.NET 2010-06-01 17:37 . 2009-10-14 09:58 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-30 17:15 . 2009-12-17 09:39 116744 ----a-w- c:\users\Bjoern\AppData\Local\GDIPFONTCACHEV1.DAT 2010-05-27 07:24 . 
2010-07-06 06:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-07-06 06:32 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18 . 2010-07-06 06:34 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-11 12:44 . 2009-12-26 14:38 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-05-09 09:14 . 2010-07-06 06:34 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-07-06 06:34 417792 ----a-w- c:\windows\system32\msdri.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="e:\program files\ICQ7.1\ICQ.exe" [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-09 714016]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 151064]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-17 110592]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2009-12-17 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [x]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-10-20 106496]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FFF0.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-26 691696]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-24 172032]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-10-20 1701112]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-10-20 98304]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-08-24 5073920]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-08-24 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-10-20 485376]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-09-22 5946368]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-08-28 4232192]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Nach Microsoft &Excel exportieren - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - e:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\zagje12v.default\
FF - plugin: e:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin7.dll

---- FIREFOX Richtlinien ----
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-tsnp2uvc - c:\windows\tsnp2uvc.exe
AddRemove-DCDemoDeinstallKey - e:\games\dcdemo\DeIsL1.isu

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\FFF0.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-609206492-3827312299-4017811985-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,c9,78,3b,04,4d,e1,c9,6f,40,04,b0,68,5d,b5,01,d9,43,88,6c,9d,38,aa,
 95,21,57,5c,30,fe,7d,68,55,dc,78,60,51,15,28,39,45,81,18,fe,74,ee,0e,20,4c,\
"??"=hex:0b,63,a1,09,99,ff,39,3a,5d,f4,dc,0b,fb,22,78,01

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(544)
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
e:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-05 20:36:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-08-05 18:36

Vor Suchlauf: 29.322.113.024 bytes free
Nach Suchlauf: 30.375.026.688 bytes free

- - End Of File - - 76456E220186619B85890CB8F91B1F32

Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4395

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.08.2010 21:42:38
mbam-log-2010-08-05 (21-42-38).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 334102
Time elapsed: 1 hour(s), 1 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Last edited by Björn S. (05.08.2010 at 20:55) |
06.08.2010, 11:22 | #12 |
/// Malware-holic | Passwords stolen - but how? |
07.08.2010, 21:30 | #13 |
| Passwords stolen - but how? Here is the scan from the laptop. I haven't scanned my desktop yet for lack of time, but I'm less worried about it anyway, because I also noticed that the passwords were never stolen when I was online with my desktop, only the two times when I logged in somewhere with the laptop. Code:
Autoscan: completed 9 minutes ago (events: 11, objects: 460572, time: 01:02:49)
07.08.2010 21:14:31 Task started
07.08.2010 21:20:46 Detected: hxxp://www.viruslist.com/en/advisories/40034 C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
07.08.2010 21:34:54 Detected: hxxp://www.viruslist.com/en/advisories/40026 C:\Windows\System32\Macromed\Flash\NPSWF32.dll
07.08.2010 21:50:31 Detected: hxxp://www.viruslist.com/en/advisories/23655 D:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msxml6.dll
07.08.2010 22:02:14 Detected: hxxp://www.viruslist.com/en/advisories/39036 E:\Program Files\IrfanView\i_view32.exe
07.08.2010 22:03:23 Detected: hxxp://www.viruslist.com/en/advisories/39925 E:\Program Files\Mozilla Firefox\firefox.exe
07.08.2010 22:13:11 Detected: hxxp://www.viruslist.com/en/advisories/40206 F:\Serveremulation\server2go_a22_psm\server2go_a22\server\Apache\bin\Apache.exe
07.08.2010 22:13:24 Detected: hxxp://www.viruslist.com/en/advisories/40268 F:\Serveremulation\server2go_a22_psm\server2go_a22\server\php\php.exe
07.08.2010 22:16:37 Detected: hxxp://www.viruslist.com/en/advisories/39925 E:\Program Files\Mozilla Firefox\firefox.exe
07.08.2010 22:16:46 Detected: hxxp://www.viruslist.com/en/advisories/39133 E:\Program Files\QuickTime\QuickTimePlayer.exe
07.08.2010 22:17:20 Task completed
|
07.08.2010, 21:53 | #14 |
/// Malware-holic | Passwords stolen - but how? Looks good too. Just to rule out every possibility: did you perhaps put your passwords in any e-mails? |
07.08.2010, 21:54 | #15 | |
| Passwords stolen - but how? Quote:
Beyond that, I'm now 99% sure that the passwords were always stolen shortly after I went online with the laptop... I think I can remember that much, because I really do that with the laptop very rarely. Can we get to fixing it now? |